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Preliminary to the initial Office Action, please amend the 
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IN THE SPECIFICATION ! 

On Page 1, above line 1, please insert the following 
paragraphs : 

— CROSS REFERENCE TO RELATED APPLICATIONS 

Applicant claims priority under 35 U.S.C. §119 of German 
Application No. 100 17 121.4 filed April 6, 2000. Applicant also 
claims priority under 35 U.S.C. §120 of PCT/DE00/01065 filed 
April 6, 2000. The international application under PCT article 
21(2) was not published in English. — 
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IN THE CLAIMS; 



Please cancel claims 1-11 and replace them with new claims 
12-22 as follows: 

— 12. A data processing system having a processor unit, 
working memory and a media unit, an input unit for inputting data 
and an output unit for outputting data as well as a network 
control unit and a bi-directional interface for networking the 
data processing system with a plurality of interconnected data 
processing systems, as well as an access filter for defining 
access rights for data stored on the media unit, characterized in 
that the access filter is provided in an input-output controller 
(10 controller) of the data processing system between the working 
memory, on the one hand, and the media unit and the network 
control unit, on the other hand. 

13. A data processing system according to claim 12, 
characterized in that "collective definitions" are given for all 
directories and files of all local and networked media in that 
dummy characters (wild cards or jokers) are inputtable into the 
system for hitting all definitions inputted into the system. 

14. A data processing system according to claim 12, 
characterized in that the access rights defined in the access 
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filter are hierarchically arranged in such a way that a plurality 
of different access rights also containing collective definitions 
are presettable for a file, the 3election of a valid definition 
of access rights being effected from the plurality of access 
rights also containing collective definitions by a count of the 
number of characters or a summation of the number of characters 
which are given for defining a path and mask. 

15. An apparatus according to claim 14, characterized in 
that a mask can refer to a file or directory. 

16. An apparatus according to claim 14, characterized in 
that a path refers to local and/or networked media. 

17. A data processing system according to claim 12, 
characterized in that the grant of access rights is effected bi- 
directionally . 

18. A data processing system according to claim 17, 
characterized in that the grant of access rights is effected 
firstly for users from a network for access to the media of the 
data processing system protected with the access filter, and 
secondly for local users for access to local or networked remote 
media, one's own access rights being superimposed on access 
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rights of a medium of the local or a networked data processing 
system. 

19. A data processing system according to claim 12, 
characterized in that the plurality of interconnected data 
processing systems are formed by a local Intranet. 

20. A data processing system according to claim 12, 
characterized in that the plurality of interconnected data 
processing systems are formed by the world-wide Internet. 

21. An apparatus according to claim 12, characterized in 
that the input unit for inputting data is designed as a keyboard 
device* 

22. An apparatus according to claim 12, characterized in 
that the output unit for outputting data is designed as a monitor 
device. — 

REMARKS 

By this Preliminary Amendment, the application has been 
amended to conform with U.S. practice, the cross-reference to 
related applications has been inserted on page 1 and claims 1-11 
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have been canceled and replaced with new claims 12-22. No new 



matter has been introduced, 
respectfully requested. 



COLLARD & ROE, P.C. 
1077 Northern Boulevard 
Roslyn, New York 11576 
(516) 365-9802 
erf : jc 



Entry of this amendment is 



Respectfully submitted, 
THOMAS WESPEL (PCT) 




Allison C. 
Edward R. Free 
Attorneys for Applicants 
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METHOD AND APPARATUS FOR CHANGEABLE DEFINITION 



OF ACCESS RIGHTS TO COMPUTER FILES 



This invention relates to a data processing system having a 
processor unit, a working memory and a media unit, an input 
unit for inputting data and an output unit for outputting 
data as well as a network control unit and a bi-directional 
interface for networking the data processing system with a 
plurality of interconnected data processing systems, as 
well as an access filter for defining access rights for 
data stored on the media unit. 

Data processing systems of the abovementioned kind are 
universally applicable for storing given data in digital 
form and possibly reorganizing them in accordance with the 
process steps of given programs. This makes it possible to 
perform a great variety of manipulations on the data by 
defining presettable operations on the data. The data in 
question can be the property of a person or a private or 
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public organization so that suitable measures are necessary 
for protecting the data and keeping them secret. Such data 
protection is' conventionally obtained with the aid of 
access filters, an access legitimation being effected vis- 
a-vis the data processing system by entry of a protection 
word into the data processing system. Such access filters 
are conventionally stored in a medium of the data 
processing system. This is without disadvantage for data 
processing systems connected in single operation and not 
interconnected with other data processing systems in a 
network, such as an internal company Intranet or the world- 
wide Internet. However, when a plurality of data processing 
systems are joined into a network, it is desirable to be 
able to change the access filter for an arbitrary one of 
the plurality of data processing systems externally via 
another one of the plurality of data processing systems of 
the same network so as to increase the security of the 
totality of data stored in the group of networked data 
processing systems. 



The problem of the invention is therefore to provide a data 
processing system which permits easy changing of the 
protection code of the access filter. 

This problem is solved for a data processing system of the 
above-mentioned kind in that the access filter is provided in 
an input-output plant (IO-controller) of the data processing 
system between the working memory, on the one hand, and the 
media unit and the network control unit, on the other hand. 
In this way, an external access to the access filter is 
possible . 

Preferred embodiments of the invention are the subject matter 
of the subclaims. 

In accordance with the diction selected in the present 
disclosure, a path is the memory location of a file, and a 
mask is a description of a file name, whereby a description 
can in principle also contain dummy characters (jokers) . 

Further, in accordance with the diction selected in the 
present disclosure, the concept of a "definition" is given as 
consisting of a path and a mask and the access right valid 
for said path and mask. A memory location, a file name and 
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an access right taken together consequently form a 
definition. 

The access rights are normally specified. Examples of 
access rights are: 

Read 

Write 

Execute 

Delete 

Rename 

Create 

Change attributes 



- 5- 



Examples of dummy characters are and "?", whereby a 

(wild card) can stand for a plurality of arbitrary letters 
■and a "?" (joker) for just one arbitrary letter. 

Another possible element of a "definition" given in 
accordance with the diction of the present disclosure is 
so-called subdirectories. Subdirectories can optionally be 
included in "definitions." Generally speaking, a path can 
contain subpaths, which is in fact normally the case. So 
that a path is hit in its totality, i.e. including its 
subpaths, it is necessary to state the subdirectories along 
with a directory. Otherwise the computer will only 
recognize a certain path but not the subpaths when a 
certain directory is entered. 

The inventive device has the advantage 

that one can also grant file 
rights such that all subdirectories of a directory are 
automatically included in the grant of access rights via 
the inventive access filter. This has the advantage that a 
"definition" need not be newly created for each 
subdirectory, but a "definition" can be valid for a path 
.with all its subpaths . 

In accordance with a first preferred embodiment of the 
inventive, data processing system, it is provided that 
"collective definitions" are given for all directories and 
files of all local and networked media in that dummy 
characters (jokers or wild cards) are inputtable into the 
system for hitting all definitions inputted into the 
system. It is thus possible to capture and find the 
relevant directories and files fast and summarily. 



In accordance with another preferred embodiment of the 
inventive data processing system, it is provided that the 
access rights defined in the access filter are 
hierarchically arranged in such a way that a plurality of 
different access rights also containing collective 
definitions are presettable for a file, the selection of 
a valid definition of access rights being effected from 
the plurality of access rights also containing collective 
definitions by a count of the number of characters or a 
summation of the characters which are given in a path as 
well as in a mask. One thus obtains a flexible design and 
efficient implementation of the selection of a valid 
access right. 

In accordance with another preferred embodiment of the 
inventive data processing system, it is provided that a 
mask can refer to a file or directory. Moreover, it can 
be provided that a path refers to local and/or networked 
media. It is thus possible to reliably separate and 
distinguish between directories and media of different 
data processing systems of the plurality of networked data 
processing systems . 
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In accordance with another preferred embodiment of the 
inventive data processing system, it is provided that the 
grant of access rights is effected bi-directional. This 
feature ensures that a manipulation or change of the access 
right of a certain data processing system from the 
plurality of networked data processing systems can be made 
via each individual one of the networked data processing 
systems. In accordance with this embodiment of the 
inventive data processing system, all data processing 
systems of a plurality of networked data processing systems 
are hierarchically equal to each other. 

.In addition it is preferably provided in the inventive data 
processing system that the grant of access rights is 
effected firstly for users from the network for access to 
the media' of the data processing system protected with the 
access filter, and secondly for local users for access to 
local or networked remote media, one's own given access 
rights being superimposed on access rights of a medium of a 
networked data processing system. This permits bi- 
directional grant of access rights. This embodiment is 
based on the principle that a plurality of access rights 
are interconnected by logical ANDing. This ensures that a 



- 2 - 



single restriction is sufficient for blocking access to the 
relevant data even when other access rights permit access. 

In accordance with a preferred embodiment of the inventive 
data processing system, the plurality of interconnected 
data processing systems are formed by a local Intranet for 
example of a company or government agency. In conjunction 
therewith or alternatively, the plurality of interconnected 
data processing systems can also be formed by the world^ 
wide Internet according to the invention. 

The input unit for inputting data is preferably designed as 
a keyboard device in the inventive data processing system. 
This permits simple manual entry and assignment of data by 
a user of the inventive data processing system. The output 
unit for outputting data is preferably designed as a 
monitor device. 

The inventive data processing system will be explained in 
the following with reference to a preferred embodiment 
shown in the figure of the drawing, in which: 

FIG. 1 shows a preferred embodiment of the inventive data 
processing system in a schematized representation. 

Inventive data processing system 10 shown in FIG. 1 has 
conventional processor unit 20 consisting of arithmetic 
processing unit 21 and control unit 22, working memory 23 
as well as input-output controller 24 and local media unit 
25, together with a keyboard (not shown) as an input unit 
for inputting data and a monitor (not shown) as an output 
unit for outputting data. In addition, data processing 
system 10 has network control unit 26 and bi-directional 
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interface 24' provided in input-output controller 2 4 for 
networking data processing system , 10 with a plurality of 
interconnected data processing systems 100, and inventive 
access filter 15 provided in input-output controller 24 for 
defining access rights for data stored on media units 25, 
125. In shown inventive data processing system 10, access 
filter 15 is provided essentially to the invention in 
input-output controller 24 of data processing system 10 
between working memory 23, on the one hand, and media unit 
25 and network control unit 22, on the other hand. 

Access filter 15 is designed for bi-directional data 
transfer in the shown embodiment of inventive data 
processing system 10. In accordance with other embodiments 
of the invention, access filter 15 can alternatively be 
formed for a monodirectional data transfer. 

The above-explained example of the invention serves only to 
illustrate the inventive teaching given by the claims, 
which is not restricted by the example as such. 
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Patent claims 

1. A data processing system having a processor unit, a 
working memory and a media unit, an input unit for 
inputting data and an output unit for outputting data as 
well as a network control unit and a bi-directional 
interface for networking the data processing system with a 
plurality of interconnected data processing systems, as 
well as an access filter for defining access rights for 
data stored on the media unit, characterized in that the 
access filter is provided in an input-output controller (10- 
controller) of the data processing system between the 
working memory, on the one hand, and the media unit and the 
network control unit, on the other hand. 

2. A data processing system according to claim 1, 
characterized in that "collective definitions" are given 
for all directories and files of all local and networked 
media in that dummy characters (wild cards or jokers) are 
inputtable into the system for hitting all definitions 
inputted into the system. 

3. A data processing system according to claim 1, 
characterized in that the access rights defined in the 
access filter are hierarchically arranged in such a way 
that a plurality of different access rights also containing 
collective definitions are presettable for a file, the 
selection of a valid definition of access rights being 
effected from the plurality of access rights also 
containing collective definitions by a count of the number 
of characters or a summation of the number of characters 
which are given for defining a path and mask. 
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4. An apparatus according to claim 3 , characterized in that 
a mask can refer to a file or directory. 

5. / An apparatus according to claim 3 , characterized in that 
a path refers to local and/or networked media. 

6. A data processing system according to any of the above 
claims, characterized in that the grant of access rights is 
effected bi-directionally. 



7. A data processing system according to claim 6 , 
characterized in that the grant of access rights is 
effected firstly for users from a network for access to the 
media of the data processing system protected with the 
access filter, and secondly for local users for access to 
local or networked remote media, one's own access rights 
being superimposed on access rights of a medium of the 
local or a networked data processing system. 
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8. A data processing system according to any of claims 1 to 
7, characterized in that the plurality of interconnected 
data processing systems are formed by a local Intranet. 

9 . A data processing system according to any of claims 1 
to 7, characterized in that the plurality of interconnected 
data processing systems are formed by the world-wide 
Internet . 

10 . An apparatus according to any of the above claims, 
characterized in that the input unit for inputting data is 
designed as a keyboard device. 

11. An apparatus according to any of the above claims, 
characterized in that the output unit for outputting data 
is designed as a monitor device. 



***** 



fiUG-13-2001 14:55 COLLRRD a ROE 

COMBINED DECLAUA HON FOR PATENT APPLICATION AM) OF ATTOKttfcY 

(Inciuil» R«?fcfcncc to PCT IntMnationOl Appdrjftflnns) 



516 
WBSPEL-PCT 



3S5 9805 P. 02/03 



A& s. below nsmed friveniw. 1 hcraby declare that' 
My residence, post iifficc address and C4ti2ensbip are as suited IikIow next to my name, 

I Wmve I dja the original, Hrst and sole invent (irmily one name is listed below) or an nri^inaK first and joint 
\u v^tor (ifplurol names are listed below) nfilie subject matter which is claimed and fur which a patent is sought on 
the invention entitled: 

MET HOD AND APPARATUS FOR CItANG EAB LE DEFINITION OF A CCESS H I<j HjnS 

TO COMPUT ER friJUES 

the specifJtiHiuHj of which (check only one Itembdjw) 

[ ] Is arr^hed hereto, 

[ } wafi filed a& United Suiira application 

Serial No. __ 



and was amended 
on 



(if applicable). 



[X] 



was filed ^ PCT international application 
Number FCT/DE00/01065 



on 



APRIL 6,2000 



and wfi3 amended under PCT Anicte 19 

Oil 



. (if applicable). 



T hereby state that I have reviewed and understand the contents of the above-rdenrified sperifiiMiimi, including the 
nlaims, as amended by any amendment referred lu above. 

I ftcknew Ledge the duty to disclose h \ fbi mation which i$ mnteria} to ihe examiimt ion <*>f th is application in accordance 
with 'Litle 37, Code of Federal Regulations. §1.56<a). 

1 hereby claim fufr^n prioriiy bertolrts under Title 35, United Utiles Code, §1 19 of any foraign application^) fm 
patent or invetilui's certificate or of any PCT InrernaUunrtl application^) designating at least one ccninfry ulhci dtan 
ibe United States of America hetcd below and also idciitiftc-d beiow any foreign applied for patent or 
inveiUut'5 certificate or any PCT international *«jiitlir.Arion(j) designating at least one country isihet than the United 
Urates of America tiled by me on the ^wc subject matter havtng a filing date before ihM nf the application^) of 
which priority is claimed; 



PRIOK. FQKEIGN /PCT A FPLICATION(S) AND ANY PRIORITY CLAIMS UNDER 35 U.S.C. M 9; 



country 

(if PCT. indicate "PCT") 


APPLICATION Kl JMBER 


DATE OK K1LING 
(d^y, month, ytau) 


PRIORITY CLAIMED 
UNDbtt 35 US.C. H9 


CFR MANY 


100 17 17.1.4 


6 APRIL 2000 


|X J YES f 1NO 








M YES M NO 








[ 1 YES r 1 NO 








11 YES flNO 








[ j YSS | 1 NO 



1UG-13-2001 14=56 



COLLRRD & ROE 



516 365 9805 P. 03/03 



s r«iMiuiMkrki unrr <*xi k T"r/~>f\j rno patttnit ai>pt ii~ ATinhJ &wrh PrtWWH (YF ATTORNEY 
(Includes Preference to PCT International Application?) 


J WESPEL-PCT 


1 hereby Mux ihebwirfil unjr.i Tlflr. TTnirrd Statc* Cndc, Section 
hdow. 


] 9(c) of any United 


States provisional application^) listed 


(Application Number) (Hhng DGte) 
I hereby claim the benefit under Title 35, United States Cade, $120 of any United States applications) or PCT miemmonxl 
application^) designating the United States of America that k/wv li»*oi1 Mow and, insofar as the subject matter of each of the claims 
uT Lhix application is not disclose in that/those prior applications) in the manner provided by the first paragraph of Title 35, United 
States Code, $1 lli, 1 acknowledge The duty to disclose material information as dpftnrd in Title 17, Code uf Fedeitd Regulations* 
§1. 56(a) which uouutctl bdwmj HI n^e ^ Atc °^ thc P™ or application^) and the national or PCT international tiling date of this 
application; 


PRIOR U.S. APPLICATIONS UK PCT INTERNATIONAL APPLICATIONS HRSTfiN ATlNfl THE U.S. FOR 
KkNRFTT TINDER 35 U.S.C. 120: 


US APPLICATIONS 


STATUS (CJwofcOtt*) 




U.S. AI'I'I it 'A HON 


U.S. FILING DATE 


PATENTED 


TEND INC 


A?JA>IDONED 






















"PrT APPT.ICATinKS DESIGNATING TIE U.S. 








t-1_"l A^KI.Ml ft I lOM ^ 


PTT PTT Per* DATP 


US SERIAL NUMBER 
/t£3JOHED Of uuy) 

































.SOS/IiR- OF- A TTOJINHY' As 2 ^snrdavsntu-U ilsEJ&SLSjjyuiui Oi^&H^^A^a^L^^ jwoficwittftp aspi^on and transact all business tn 
Hie Patau and Tiademaik Office connected ihcrvwith. (List name and rwstration numbers); KURT KELMAN, Registration No „lR.n*?Ji 
ALLISON C. COLLAKU, Registration N Q.22J33: WILLIAM C COLLARJD, Rc^bUatiuM - 
EDWARP R. HfcUsEiJMAN, Kegistnrirai No Jfi^tti- FREDERICK \ DORCHAK, Regisnation Not-2££9«- 
ELIZABETH COLLA RS R ICHTER, Registration No. KRTNP H. GLANZ. Registration Nj 
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COLLARP & ROE, P.C 
1077 Northern Boulevard 
Roslyn. New York 1 1 T76 
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UHHKhK WBO 22 



PIEST GIVEN NAW*" 
THOMAS 
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GERMANY 



D*$$dS7 MIETINGEN 



Diroot Telephone CalJs to; 
^/tamtr ti«<J teteie til/tie tmmfci) 



SECOND GIVEN WAMC 



COUMTKLY0F CITIZENSHIP 
GERMANY 



STATE A ZIP C0DP-/C0 UNTR Y 

CSERMANY 
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:tatememe made herein of my own knowledge arc true and th<i< >01 ■sixirrniatf* m/ide rm information and 
*"uc; and fuiihei tliat these statements were made with the knowledge that willful false statements and the 
ble by tine or impraonment, or both, under section 1001 of Title 18 of the United Siains C,u)e, (imL 
ents may jeop^ydtSLlLc valklity of thr. appKEarirm nr Any patent issuing thereon. 
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